On Mon, May 2, 2011 at 12:20 AM, Stefan Fouant <sfou...@shortestpathfirst.net> wrote: >> -----Original Message----- >> From: christopher.mor...@gmail.com >> [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow >> >> one thing to keep in mind is that as near as I can tell no vendor (not >> a singl eone) has actual hard limits configurable for each tenant >> firewall instance. So, one can use all of the 'firewall rule' >> resources, one can use all of the 'route memory' ... leaving other >> instances flailing :( > > Ahem, actually ScreenOS does support just such a thing through the use of > resource profiles - with this you can limit the amount of CPU, Sessions, > Policies, MIPs and DIPs (used for NAT), and other user defined objects such > as address book entries, etc. that each VSYS can avail. This was one of the
good to know... I wonder how well it isolates. > primary drivers behind our decision to utilize the NS-5400 for Verizon's > NBFW (you remember that place right Chris, heh') i do, occasionally via the twitching :) > Stefan Fouant > > >
